Security

Discussion in 'Home Networking' started by Roy Amin, Oct 10, 2005.

  1. Roy Amin

    Roy Amin Guest

    I am a novice in security of wireless networks.

    I would be grateful if someone could explain some principles to me.

    If I have my router set up which is locked to specific MAC addresses, is it
    possible for anyone else to tap into my wireless signal to access my
    broadband connection?

    Am I correct in assuming that security measures such as WEP, WPA etc. are
    to prevent unauthorised people from making sense of the wireless traffic?

    Is it possible to set up 128bit WEP for some clients and 64bit for others?

    Thanks for your help

    Rohit
     
    Roy Amin, Oct 10, 2005
    #1

  2. Roy Amin

    Alex Fraser Guest

    Yes, if they pretend they are one of the allowed MAC addresses while it's
    not in use, and they have the encryption key (if there is one).
    Not AFAIK with a single AP, but you could connect a second AP on another
    channel (creating two bridged networks) with different encryption settings.

    Alex
     
    Alex Fraser, Oct 11, 2005
    #2

  3. [att.wireless deleted again because Newsguy claims it's an invalid
    group]
    Yes. MAC addresses are easily spoofed. See:
    http://www.klcconsulting.net/smac/
    Filtering by MAC address offers little security.
    True. WEP is easily cracked. WPA is far better. However, WEP and
    WPA are not really intended to block access to the network. Their
    prime purpose is to prevent people from sniffing the traffic.

    WPA-PSK is a shared key system meaning that every client has the same
    WPA key. This is a security problem as the common key could easily
    leak. Therefore, WPA-RADIUS with 802.1x authentication offers a 2nd
    layer of authorization and authentication required to access the
    network. There are also SSL encryption, Transport Level Security, and
    VPN (virtual private network) tunnels, to further improve security.
    Not on any of the commodity access points or wireless routers. There
    are some 3com access points that offer per-client or per-connection
    configuration which includes encryption methods. However, most
    wireless devices offer only one encryption method per device. If you
    need separate encrypted and unencrypted connections, then using two
    access points is probably the best way.
     
    Jeff Liebermann, Oct 11, 2005
    #3
  4. Roy Amin

    Conor Guest

    Yes. If they're sad enough, they can sit there, listen in and grab the
    data and analyse it.
    Yup. But they still can. Basically, anyone can hack it if they're
    willing to waste the time. The thing you're trying to achieve is to
    dissuade all except those with behavioural issues.

    No. Will only work with one or another. You could use an additional
    access point and have one using 128bit and the other 64bit but you're
    making it complicated and as ALL clients support 128bit, it's pretty
    pointless.
     
    Conor, Oct 11, 2005
    #4
  5. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on Tue, 11 Oct 2005
     
    John Navas, Oct 11, 2005
    #5
  6. On Tue, 11 Oct 2005 12:09:49 GMT, John Navas

    [att.wireless removed because Newsguy says it's bogus]
     
    Jeff Liebermann, Oct 11, 2005
    #6
  7. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on Mon, 10 Oct 2005 20:48:42
    It's actually worse than that. WPA-PSK is vulnerable to attack. See

    Weakness in Passphrase Choice in WPA Interface
    By Glenn Fleishman
    By Robert Moskowitz
    Senior Technical Director
    ICSA Labs, a division of TruSecure Corp
    <http://wifinetnews.com/archives/002452.html>

    ...
    The offline PSK dictionary attack
    ...
    Just about any 8-character string a user may select will be in the
    dictionary. As the standard states, passphrases longer than 20 characters
    are needed to start deterring attacks. This is considerably longer than
    most people will be willing to use.

    This offline attack should be easier to execute than the WEP attacks.
    ...
    Using Random values for the PSK

    The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
    number for human entry; 20 character passphrases are considered too long
    for entry. Given the nature of the attack against the 4-Way Handshake, a
    PSK with only 128 bits of security is really sufficient, and in fact
    against current brute-strength attacks, 96 bits SHOULD be adequate. This is
    still larger than a large passphrase ...
    ...
    Summary
    ...
    Pre-Shared Keying is provided in the standard to simplify deployments in
    small, low risk, networks. The risk of using PSKs against internal attacks
    is almost as bad as WEP. The risk of using passphrase based PSKs against
    external attacks is greater than using WEP. Thus the only value PSK has is
    if only truly random keys are used, or for deploy testing of basic WPA or
    802.11i functions. PSK should ONLY be used if this is fully understood by
    the deployers.

    See also:
    Passphrase Flaw Exposed in WPA Wireless Security
    <http://www.technewsworld.com/story/32070.html>

    Wi-Fi Protected Access. Security in pre-shared key mode
    <http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>

    Cracking Wi-Fi Protected Access (WPA)
    <http://www.ciscopress.com/articles/article.asp?p=369221>
    <http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>

    WPA Cracker
    <http://www.tinypeap.com/html/wpa_cracker.html>
     
    John Navas, Oct 12, 2005
    #7
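
Added example (not part of any post in this thread): the analysis quoted in post #7 rests on the fact that a WPA passphrase is turned into the 256-bit PSK by a fixed, public function of the passphrase and the SSID, so the PSK is only as unpredictable as the passphrase. The sketch below shows that mapping as defined in IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) and works out how long a uniformly random passphrase must be to reach the 96-bit and 128-bit levels the quote mentions. The SSID, passphrase and alphabet names are constructed for illustration.

```python
import hashlib
import math

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i passphrase-to-PSK mapping:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def random_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on passphrase entropy. It is reached only when every
    character is drawn uniformly at random; human-chosen phrases fall
    well below it, which is why dictionaries work."""
    return length * math.log2(alphabet_size)

def min_length(target_bits: int, alphabet_size: int) -> int:
    """Shortest random passphrase that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

# Alphabet sizes (assumed character sets for the comparison).
ALPHABETS = {"lowercase": 26, "letters+digits": 62,
             "printable ASCII": 95, "hex": 16}

def length_table() -> dict:
    """Map alphabet name -> (length for 96 bits, length for 128 bits)."""
    return {name: (min_length(96, n), min_length(128, n))
            for name, n in ALPHABETS.items()}

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    psk = wpa_psk("constructed sample phrase", "ExampleNet")
    print("PSK:", psk.hex())
    print("8 random lowercase letters: %.1f bits" % random_bits(8, 26))
    for name, (l96, l128) in length_table().items():
        print(f"{name:16s} 96 bits: {l96:2d} chars   128 bits: {l128:2d} chars")
```

With the full printable ASCII set, 128 bits needs 20 random characters, which lines up with the 20-character figure in the quoted text; a 64-digit hex PSK bypasses the passphrase mapping and carries the full 256 bits.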
  8. Yep. That's been known for about 2 years. The problem is that short
    (less than 20 character) WPA-PSK shared encryption keys are
    susceptible to brute force attacks.
    Note that the risk is mostly for WPA-PSK and not for WPA-TKIP or
    WPA-RADIUS which have individual keys for individual users. Probably
    a good reason to set up a RADIUS server or find a wireless router that
    has one built in. For example:
    | http://www.zyxel.com/product/model....dexcate1=1085450343&indexFlagvalue=1021876859
    This quote from the above article is rather interesting:
    "To limit this risk, WPA networks shut down for 30 seconds
    whenever an attempted attack is detected."
    I haven't observed this 30 second feature in any WPA access point
    implementation so far.
    That was some heavy reading. At first glance, it looks like WPA-PSK
    is crackable with a brute force dictionary attack. Thanks for the
    reference.
    I'll try WPA_Attack and coWPAtty when I have time.
     
    Jeff Liebermann, Oct 12, 2005
    #8
  9. Roy Amin

    myWIFIzone Guest

    On top of WPA/WEP you might want to try our free blocking software. It
    will block anyone that cracks your encryption keys from surfing the web
    on your network. http://www.mywifizone.com
     
    myWIFIzone, Oct 12, 2005
    #9
  10. Roy Amin

    Guest Guest

    Are there any free WPA-PSK generators available?
     
    Guest, Oct 12, 2005
    #10
  11. Roy Amin

    Guest Guest

    Guest, Oct 12, 2005
    #11
  12. Sure. Find the kids' Scrabble set. Grab 20 to 63 letters and put them
    in a cup. Shake well. Dump on table and organize in a straight line.
    Record the results and that's your WPA-PSK key. The kids can help if
    they want.

    Google found several by searching for "WPA key generator".
    This one looks good:
    http://www.kurtm.net/wpa-pskgen/index.php
    At 26 characters, the average 128 bit WEP key generator can also be
    used.
     
    Jeff Liebermann, Oct 12, 2005
    #12
  13. Well, they're in Australia so I don't think they'll be sniffing your
    wireless traffic from that far away. There's always the danger that
    they're capturing the generated keys and posting them to hacker web
    sites or perhaps building dictionary lookup lists. It's also possible
    that the generated keys are not truly random and have some type of
    hidden pattern that makes them easy to detect and decode. You
    evaluate the risks based on your potential exposure.

    Incidentally, Winguides is PcTools.com. I've used various PC Tools
    products for many years and highly recommend both the products and the
    company.
     
    Jeff Liebermann, Oct 12, 2005
    #13
  14. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on Tue, 11 Oct 2005 20:54:55
    Indeed, yet many people still don't know about it, giving them a false sense
    of security with WPA, which can be dangerous. I think it's the Dirty Little
    Secret of wireless, and that all wireless vendors should promptly update their
    firmware to at least warn about WPA keys of less than 20 characters, if not
    prohibit them outright. I applaud those vendors that:

    * Have a key "strength" algorithm that at least warns people about weak keys,
    if not prohibit them outright.

    * Have easy and robust ways to generate and install strong "random" keys.

    * Default install of both a strong "random" admin password and WPA key by
    default.
    A key of (say) 16 characters isn't "short" in the minds of most users. Better
    to say that only very long keys are safe.
    Also dictionary attacks, which can be much more efficient than brute force.
    In practice, both are often employed, with brute force coming after an
    unsuccessful dictionary attack.

    Worse, the attack can be conducted offline once the data is captured, rather
    than in real time, increasing the level of risk.
    I agree, although I think a strong WPA key is effective in (say) a controlled
    single user environment.

    For example: Excellent. Or for less money, tinyPEAP on the WRT54G/GS
    Me either. :(
    There are reports of more effective automated tools in the hands of crackers.
     
    John Navas, Oct 12, 2005
    #14
  15. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on Wed, 12 Oct 2005 11:22:22 -0500, Nospam

    The password generator I use and recommend is Password Safe*
    <http://passwordsafe.sourceforge.net/>
    Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
    it's open source and free, and has been subjected to extensive peer review.


    * NOT!!! <http://www.passwordsafe.com/>
     
    John Navas, Oct 12, 2005
    #15
  16. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on 12 Oct 2005
    * What about non-HTTP protocols?
    * What about MAC/IP spoofing?

    My concern is that your software would create a false sense of security.

    I'm frankly skeptical that this can be done reliably and effectively with
    simple wireless routers.
     
    John Navas, Oct 12, 2005
    #16
  17. Roy Amin

    myWIFIzone Guest

    My concern is that your software would create a false sense of security.

    Maybe - but no worse than you get with WEP/WPA. If someone cracks your
    WEP, they surf to their hearts' content without you even knowing. BTW -
    myWIFIzone runs on your desktop (not in the router) and it does block
    other protocols by the same method (session hijacking).
     
    myWIFIzone, Oct 12, 2005
    #17
  18. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on Wed, 12 Oct 2005 10:20:14
    Firefox reports that the issuer of the certificate for that site cannot be
    verified, a matter of concern, especially when the objective is security.
     
    John Navas, Oct 12, 2005
    #18
  19. Roy Amin

    John Navas Guest

    [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

    In <> on Wed, 12 Oct 2005 10:10:30

    1. Not an SSL connection, so the site cannot be verified, and the generated
    key could be intercepted.

    2. Based only on simple iteration of the Javascript random number generator,
    so digit sequencing is predictable, and no better than the real randomness of
    the generator in any event.

    3. Doesn't seem to work in Mozilla Firefox.
     
    John Navas, Oct 12, 2005
    #19
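
Added example (not part of any post in this thread): posts #12, #13 and #19 raise the problem of trusting an online key generator, and post #14 asks for a key "strength" check that warns about weak keys. One way to do both locally is sketched below: keys come from the operating system's CSPRNG through Python's `secrets` module and never leave the machine, and `key_warnings` is a hypothetical checker that applies the 20-character threshold discussed in the thread.

```python
import secrets
import string

# 94 printable ASCII characters (space left out to avoid entry mistakes).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
HEX_DIGITS = set(string.hexdigits)

def random_hex_psk() -> str:
    """Raw 256-bit PSK as 64 hex digits, drawn from the OS CSPRNG."""
    return secrets.token_hex(32)

def random_passphrase(length: int = 32) -> str:
    """Random passphrase of 20 to 63 characters."""
    if not 20 <= length <= 63:
        raise ValueError("choose a length between 20 and 63")
    # secrets.choice uses the OS CSPRNG, unlike a general-purpose PRNG
    # such as the script generator criticised in post #19.
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

def key_warnings(key: str) -> list:
    """Return human-readable warnings for a proposed WPA key (hypothetical
    checker; thresholds follow the thread, not any vendor firmware)."""
    warnings = []
    is_hex_psk = len(key) == 64 and set(key) <= HEX_DIGITS
    if not is_hex_psk:
        if not 8 <= len(key) <= 63:
            warnings.append("not a valid passphrase length (8-63) "
                            "and not a 64-digit hex PSK")
        elif len(key) < 20:
            warnings.append("shorter than 20 characters: exposed to "
                            "offline dictionary attack")
        if key.isalpha() or key.isdigit():
            warnings.append("only one character class: likely a word "
                            "or number found in dictionaries")
    # Flag keys dominated by one repeated character.
    if key and max(key.count(ch) for ch in set(key)) * 4 > len(key):
        warnings.append("one character makes up over a quarter of the key")
    return warnings

if __name__ == "__main__":
    for candidate in (random_hex_psk(), random_passphrase(),
                      "constructedweak", "a" * 24):  # last two constructed
        print(repr(candidate), "->", key_warnings(candidate) or "no warnings")
```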
  20. Roy Amin

    Guest Guest

    That's one of the reasons I asked about trust (I use Firefox too).
     
    Guest, Oct 12, 2005
    #20